Overview: Why the 2022 Amendment Matters
The Financial Intelligence Centre Amendment Act 22 of 2022 (the Amendment Act) was signed into law on 26 December 2022. It amends the Financial Intelligence Centre Act 38 of 2001 (FICA) — South Africa's primary anti-money laundering and counter-terrorist financing (AML/CFT) statute — across five critical areas:
| Area of Change | What Changed | Effective Date |
|---|---|---|
| Beneficial ownership | FIC PCC 59 clarified 5% threshold for CDD identification | August 2024 (PCC 59) |
| CASP licensing | Crypto asset service providers added to Schedule 1 accountable institutions | 19 June 2023 |
| Travel Rule powers | FIC empowered to prescribe Travel Rule for virtual asset transfers | Regulations pending |
| Administrative sanctions | Penalty ceiling raised to R10M (natural persons) / R50M (legal entities) | 26 December 2022 |
| Risk management programmes | Mandatory written RMP obligation codified for all accountable institutions | 26 December 2022 |
South Africa's FATF grey-listing in October 2023 — and subsequent removal in October 2024 — was directly linked to the pace of implementing these amendments. Accountable institutions that have not yet updated their compliance frameworks to reflect the 2022 changes face material regulatory risk.
1. Beneficial Ownership: The 5% Threshold
One of the most operationally significant changes arising from the 2022 amendment cycle is the clarification of the beneficial ownership identification threshold. FICA has always required accountable institutions to identify the natural persons who ultimately own or control a legal entity client. What was unclear was the percentage threshold at which ownership triggers CDD obligations.
The FIC addressed this in Public Compliance Communication 59 (PCC 59), issued in August 2024. PCC 59 confirmed that the threshold is 5% of ownership or voting rights in a legal entity. This replaces the informal 25% benchmark that many institutions had adopted from FATF guidance, which was never codified in FICA itself.
The practical implication is significant: institutions must now identify and verify any natural person holding 5% or more of shares, voting rights, or the right to appoint directors in a corporate client. For complex ownership structures — multi-layered holding companies, trusts, partnerships — this requires tracing the chain of ownership to the ultimate beneficial owner (UBO) at each 5% threshold.
Note that the CIPC beneficial ownership register (established under the Companies Amendment Act and the General Laws Amendment Act 22 of 2022) uses a 5% threshold for filing purposes. The FICA CDD obligation and the CIPC register obligation are legally distinct but now aligned at the same threshold. See the Beneficial Ownership Register page for the CIPC filing requirements.
2. Crypto Asset Service Providers (CASPs): Full FICA Coverage
The 2022 Amendment Act added crypto asset service providers (CASPs) to Schedule 1 of FICA as accountable institutions, effective 19 June 2023. This brought South Africa into alignment with FATF Recommendation 15, which requires jurisdictions to apply AML/CFT obligations to virtual asset service providers (VASPs).
The FSCA simultaneously issued a declaration under the Financial Advisory and Intermediary Services Act (FAIS) classifying crypto assets as financial products, requiring CASPs to hold a Category I Financial Services Provider (FSP) licence. The FSCA set a licensing deadline of30 November 2023 for CASPs that were already operating. New entrants must obtain FSCA authorisation before commencing operations.
As Schedule 1 accountable institutions, CASPs must comply with the full suite of FICA obligations: customer due diligence (CDD), enhanced due diligence (EDD) for high-risk clients, record-keeping (minimum 5 years), suspicious transaction reporting (STR) to the FIC, and a written risk management programme (RMP). See the KYC Requirements for Crypto Exchanges page for the full sector-specific breakdown.
| FICA Obligation | Applies to CASPs? | Notes |
|---|---|---|
| Customer Due Diligence (CDD) | Yes | Identity verification for all clients; R49,999 cash threshold for occasional transactions |
| Enhanced Due Diligence (EDD) | Yes | Required for PEPs, high-risk jurisdictions, and complex/unusual transactions |
| Suspicious Transaction Reports (STRs) | Yes | Must be filed with FIC within 15 days of suspicion arising |
| Record-keeping | Yes | Minimum 5 years from end of business relationship |
| Risk Management Programme (RMP) | Yes | Written RMP covering ML/TF/PF risks specific to crypto operations |
| Travel Rule | Pending | FIC empowered to prescribe; threshold not yet published as of April 2026 |
3. Travel Rule: Powers Granted, Regulations Pending
The Travel Rule requires that originating virtual asset service providers (VASPs) transmit identifying information about the sender and recipient alongside virtual asset transfers above a specified threshold. FATF Recommendation 16 (the "Travel Rule") applies this requirement to virtual assets, mirroring the wire transfer rules that already apply to banks under FATF Recommendation 16.
The 2022 Amendment Act empowers the FIC to prescribe Travel Rule obligations for South African CASPs via regulation. As of April 2026, the FIC has not yet published a specific Travel Rule threshold or technical standard for South Africa. CASPs should monitor FIC guidance notes and the FIC website at fic.gov.za for updates.
In the interim, CASPs operating internationally must comply with the Travel Rule requirements of the jurisdictions in which their counterparty VASPs are licensed. Many jurisdictions — including the EU (under MiCA/TFR), the UK, Singapore, and the UAE — have already implemented Travel Rule obligations. South African CASPs transacting with counterparties in those jurisdictions must comply with those rules regardless of South Africa's own implementation status.
4. Enhanced Administrative Sanctions
The 2022 Amendment Act significantly increased the FIC's administrative sanction powers. Under section 45C of FICA (as amended), the FIC may impose the following penalties per contravention:
| Entity Type | Maximum Penalty per Contravention |
|---|---|
| Natural person | R10 million |
| Legal entity (company, trust, partnership) | R50 million |
These figures represent the ceiling per contravention. Multiple contraventions — for example, failing CDD on 50 client files — can each attract a separate penalty. The FIC's enforcement approach has become markedly more active since 2023, with administrative sanctions published on the FIC enforcement register. See the FICA Penalties page for the full sanction schedule and enforcement process.
5. Mandatory Written Risk Management Programme
The 2022 Amendment Act codified the requirement for all accountable institutions to maintain a written Risk Management and Compliance Programme (RMCP). While FICA has always required a risk-based approach, the written documentation requirement is now explicit and enforceable. The RMCP must:
| RMCP Component | Requirement |
|---|---|
| ML/TF/PF risk assessment | Document the institution's assessment of its money laundering, terrorist financing, and proliferation financing risks |
| CDD policies and procedures | Written procedures for customer identification, verification, and ongoing monitoring |
| EDD triggers and procedures | Documented criteria for escalating to enhanced due diligence and the enhanced measures applied |
| STR reporting procedures | Internal escalation path, reporting timelines, and record-keeping for suspicious transaction reports |
| Record-keeping procedures | Document retention schedules, storage formats, and retrieval procedures |
| Training programme | Staff training schedule, content, and records of completion |
| Governance and accountability | Named compliance officer, board-level oversight, and annual review cycle |
The RMCP must be reviewed and updated at least annually, or whenever there is a material change in the institution's risk profile, business model, or the regulatory environment. See the Risk-Based Approach to KYC page for guidance on structuring an RMCP.
6. Cash Threshold Reports: R49,999 Limit
While not introduced by the 2022 Amendment Act itself, the cash threshold for mandatory Cash Threshold Reports (CTRs) was updated by Government Notice 2638, published in October 2022. The threshold was raised from R24,999 to R49,999. Accountable institutions must file a CTR with the FIC for any single cash transaction — or series of related cash transactions — that equals or exceeds R49,999.
The R49,999 threshold applies to cash transactions only (physical currency). It does not apply to electronic funds transfers, card payments, or cryptocurrency transactions, which are subject to CDD obligations at any amount where there is suspicion or where the institution's risk-based approach requires verification.
Implementation Timeline
| Date | Event |
|---|---|
| 26 December 2022 | FICA Amendment Act 22 of 2022 signed into law; penalty tiers and RMCP obligations effective |
| October 2022 | Government Notice 2638: cash threshold raised to R49,999 |
| 19 June 2023 | CASPs added to Schedule 1 of FICA as accountable institutions |
| 30 November 2023 | FSCA CASP licensing deadline for existing operators |
| October 2023 | South Africa placed on FATF grey list |
| August 2024 | FIC PCC 59: beneficial ownership threshold clarified at 5% |
| October 2024 | South Africa removed from FATF grey list |
| Pending | FIC Travel Rule regulations for CASPs (no date published as of April 2026) |
What Accountable Institutions Must Do Now
Every accountable institution in South Africa should audit its compliance framework against the 2022 Amendment Act changes. The following checklist covers the minimum actions required:
| Action Item | Priority | Relevant Page |
|---|---|---|
| Update beneficial ownership procedures to 5% threshold (PCC 59) | High | Beneficial Ownership |
| If operating as a CASP: obtain FSCA FSP licence and implement full FICA CDD | High | KYC for Crypto |
| Update cash threshold procedures to R49,999 (Gov Notice 2638) | High | Customer Due Diligence |
| Draft or update written RMCP to meet codified requirements | High | Risk-Based Approach |
| Review penalty exposure and ensure FIC enforcement register is monitored | Medium | FICA Penalties |
| Monitor FIC for Travel Rule regulations (CASPs) | Medium | fic.gov.za |
Frequently Asked Questions
When did the FICA Amendment Act 22 of 2022 come into effect?
The Act was signed on 26 December 2022. Its provisions have been brought into effect in phases. The CASP provisions came into effect on 19 June 2023. The FSCA CASP licensing deadline was 30 November 2023. The FIC's PCC 59 on beneficial ownership was issued in August 2024.
Does the 2022 amendment change the definition of "accountable institution"?
Yes. The most significant addition is crypto asset service providers (CASPs) to Schedule 1. The amendment also refined the definitions of certain existing categories, including trust and company service providers. Institutions should review Schedule 1 in full to confirm their classification.
Is the 5% beneficial ownership threshold mandatory for all institutions?
PCC 59 sets the 5% threshold as the FIC's interpretation of FICA's beneficial ownership identification requirement. While PCC 59 is guidance rather than legislation, the FIC uses it as the benchmark in enforcement actions. Institutions that apply a higher threshold (e.g., 25%) risk non-compliance findings.
What is the difference between the FICA beneficial ownership obligation and the CIPC register?
The FICA obligation requires accountable institutions to identify and verify the beneficial owners of their legal entity clients as part of CDD. The CIPC beneficial ownership register (under the Companies Amendment Act and GLAA 22 of 2022) requires companies themselves to disclose their beneficial owners to CIPC. Both use a 5% threshold but serve different regulatory purposes. See the Beneficial Ownership Register page.
Related Pages
For sector-specific guidance on implementing the 2022 Amendment Act changes, see the following pages:
| Sector | Requirements Page | Checklist |
|---|---|---|
| Banks | KYC Requirements: Banks | FICA Checklist: Banks |
| Crypto Exchanges | KYC Requirements: Crypto | FICA Checklist: Crypto |
| Estate Agents | KYC Requirements: Estate Agents | FICA Checklist: Estate Agents |
| Lawyers | KYC Requirements: Lawyers | FICA Checklist: Lawyers |